multi user
@ -2,6 +2,8 @@ package de.jottyfan.timetrack.modules;
|
||||
|
||||
import java.sql.SQLException;
|
||||
|
||||
import javax.faces.application.FacesMessage;
|
||||
|
||||
import org.jooq.DSLContext;
|
||||
import org.jooq.TableLike;
|
||||
|
||||
@ -22,11 +24,20 @@ public class JooqGateway {
|
||||
public DSLContext getJooq() throws ClassNotFoundException, SQLException {
|
||||
return (DSLContext) facesContext.getJooq();
|
||||
}
|
||||
|
||||
public void addToSessionMap(String key, Object value) {
|
||||
facesContext.getExternalContext().getSessionMap().put(key, value);
|
||||
}
|
||||
|
||||
public Integer getFkLogin() {
|
||||
// TODO: make a login, add the profile id to the session and read it here from
|
||||
// facesContext
|
||||
return 1;
|
||||
SessionBean bean = (SessionBean) facesContext.getExternalContext().getSessionMap().get("sessionBean");
|
||||
if (bean == null) {
|
||||
facesContext.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "schwerer Anwendungsfehler",
|
||||
"no sessionBean found in session, therefore, set fkLogin to 1"));
|
||||
bean = new SessionBean();
|
||||
bean.setLogin(1);
|
||||
}
|
||||
return bean.getLogin();
|
||||
}
|
||||
|
||||
/**
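Review bot: getFkLogin() fails open: when the session map has no "sessionBean" entry it adds an error message and then still returns login 1, so a request without a session is handled as user 1 by whatever callers filter on this id. The `+`/`-` markers are lost on this page, but the `return 1;` under the TODO reads as the removed side and the fallback as new code, which means the hard-coded id survives on the error path. Refuse instead of substituting an identity, e.g. `if (bean == null || bean.getLogin() == null) { throw new IllegalStateException("no authenticated login in session"); }`; this also covers a bean that exists but has not logged in, for which the method currently returns null. A short Javadoc stating that the method returns the authenticated login's primary key and never a default would make the contract explicit.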
|
||||
|
@ -1,6 +1,8 @@
|
||||
package de.jottyfan.timetrack.modules;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.enterprise.context.SessionScoped;
|
||||
import javax.inject.Named;
|
||||
@ -17,12 +19,17 @@ import org.jasypt.util.password.StrongPasswordEncryptor;
|
||||
public class SessionBean implements Serializable {
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private Set<String> privileges;
|
||||
private Integer login;
|
||||
private String username;
|
||||
private String secret;
|
||||
private String forename;
|
||||
private String surname;
|
||||
|
||||
public SessionBean() {
|
||||
this.privileges = new HashSet<>();
|
||||
}
|
||||
|
||||
public Boolean getHasLogin() {
|
||||
return login != null;
|
||||
}
|
||||
@ -39,6 +46,10 @@ public class SessionBean implements Serializable {
|
||||
this.login = login;
|
||||
}
|
||||
|
||||
public Boolean hasPrivilege(String privilege) {
|
||||
return privileges.contains(privilege);
|
||||
}
|
||||
|
||||
public String getSecret() {
|
||||
StrongPasswordEncryptor spe = new StrongPasswordEncryptor();
|
||||
return spe.encryptPassword(secret);
|
||||
@ -48,7 +59,7 @@ public class SessionBean implements Serializable {
|
||||
StrongPasswordEncryptor spe = new StrongPasswordEncryptor();
|
||||
return spe.checkPassword(secret, encrypted);
|
||||
}
|
||||
|
||||
|
||||
public void setSecret(String secret) {
|
||||
this.secret = secret;
|
||||
}
|
||||
@ -76,4 +87,11 @@ public class SessionBean implements Serializable {
|
||||
public void setUsername(String username) {
|
||||
this.username = username;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the privileges
|
||||
*/
|
||||
public Set<String> getPrivileges() {
|
||||
return privileges;
|
||||
}
|
||||
}
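Review bot: getPrivileges() hands out the live HashSet, so the role set that hasPrivilege() checks can be changed by any code that can reach the bean; this commit relies on that itself in SessionGateway (`getPrivileges().add(...)`) and SessionControl (`getPrivileges().clear()`). The class imports `SessionScoped` and `Named`, so it is presumably reachable from views too. Return a read-only view, `return Collections.unmodifiableSet(privileges);`, and give the bean explicit methods for replacing and clearing the roles so that only the login and logout paths can change them. hasPrivilege() can return primitive `boolean`, since it never yields null.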
|
||||
|
@ -1,6 +1,7 @@
|
||||
package de.jottyfan.timetrack.modules;
|
||||
|
||||
import javax.enterprise.context.RequestScoped;
|
||||
import javax.faces.application.FacesMessage;
|
||||
import javax.faces.context.FacesContext;
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Named;
|
||||
@ -20,6 +21,9 @@ public class SessionControl {
|
||||
@Inject
|
||||
private SessionBean sessionBean;
|
||||
|
||||
private String secretNew1;
|
||||
private String secretNew2;
|
||||
|
||||
public String doLogin() {
|
||||
SessionModel model = new SessionModel();
|
||||
model.doLogin((JooqFacesContext) FacesContext.getCurrentInstance(), sessionBean);
|
||||
@ -32,6 +36,56 @@ public class SessionControl {
|
||||
sessionBean.setForename(null);
|
||||
sessionBean.setSurname(null);
|
||||
sessionBean.setUsername(null);
|
||||
sessionBean.getPrivileges().clear();
|
||||
return Pages.START.get();
|
||||
}
|
||||
|
||||
public String doChangePassword() {
|
||||
if (!secretNew1.equals(secretNew2)) {
|
||||
FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR, "error on changing password",
|
||||
"passwords are not equal");
|
||||
FacesContext.getCurrentInstance().addMessage(null, msg);
|
||||
return "";
|
||||
} else if (new SessionModel().doChangePassword((JooqFacesContext) FacesContext.getCurrentInstance(), secretNew1)) {
|
||||
FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_INFO, "successfully changed password",
|
||||
"the new password has been saved");
|
||||
FacesContext.getCurrentInstance().addMessage(null, msg);
|
||||
return Pages.START.get();
|
||||
} else {
|
||||
FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR, "error on changing password",
|
||||
"database change was not successful");
|
||||
FacesContext.getCurrentInstance().addMessage(null, msg);
|
||||
return "";
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the secretNew1
|
||||
*/
|
||||
public String getSecretNew1() {
|
||||
return secretNew1;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param secretNew1
|
||||
* the secretNew1 to set
|
||||
*/
|
||||
public void setSecretNew1(String secretNew1) {
|
||||
this.secretNew1 = secretNew1;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the secretNew2
|
||||
*/
|
||||
public String getSecretNew2() {
|
||||
return secretNew2;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param secretNew2
|
||||
* the secretNew2 to set
|
||||
*/
|
||||
public void setSecretNew2(String secretNew2) {
|
||||
this.secretNew2 = secretNew2;
|
||||
}
|
||||
}
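Review bot: doChangePassword() changes the password on the strength of the session alone: it compares the two new values and never asks for the current password, so anyone with access to an open session can set a new one. `secretNew1.equals(secretNew2)` also throws a NullPointerException when the first field arrives as null, and an empty password passes the equality check. Add a field for the current password that is verified before SessionModel is called, and tighten the guard to `if (secretNew1 == null || secretNew1.isEmpty() || !secretNew1.equals(secretNew2))`. The view is not part of this commit, so whether the getters for secretNew1/secretNew2 cause the typed values to be rendered back into the page cannot be checked here; it is worth confirming that they are not.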
|
||||
|
@ -1,17 +1,21 @@
|
||||
package de.jottyfan.timetrack.modules;
|
||||
|
||||
import static de.jottyfan.timetrack.db.profile.Tables.T_LOGIN;
|
||||
import static de.jottyfan.timetrack.db.profile.Tables.V_LOGINROLE;
|
||||
|
||||
import java.sql.SQLException;
|
||||
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.jooq.DSLContext;
|
||||
import org.jooq.Record1;
|
||||
import org.jooq.Record4;
|
||||
import org.jooq.SelectConditionStep;
|
||||
import org.jooq.UpdateConditionStep;
|
||||
import org.jooq.exception.DataAccessException;
|
||||
|
||||
import de.jooqFaces.JooqFacesContext;
|
||||
import de.jottyfan.timetrack.db.profile.tables.records.TLoginRecord;
|
||||
|
||||
/**
|
||||
*
|
||||
@ -31,9 +35,9 @@ public class SessionGateway extends JooqGateway {
|
||||
* @param bean
|
||||
* the bean
|
||||
* @return true or false
|
||||
* @throws SQLException
|
||||
* @throws ClassNotFoundException
|
||||
* @throws DataAccessException
|
||||
* @throws SQLException
|
||||
* @throws ClassNotFoundException
|
||||
* @throws DataAccessException
|
||||
*/
|
||||
public boolean seekAndSetLogin(SessionBean bean) throws DataAccessException, ClassNotFoundException, SQLException {
|
||||
try (DSLContext jooq = getJooq()) {
|
||||
@ -54,6 +58,18 @@ public class SessionGateway extends JooqGateway {
|
||||
bean.setLogin(r.get(T_LOGIN.PK));
|
||||
bean.setForename(r.get(T_LOGIN.FORENAME));
|
||||
bean.setSurname(r.get(T_LOGIN.SURNAME));
|
||||
|
||||
SelectConditionStep<Record1<String>> sql2 = jooq
|
||||
// @formatter:off
|
||||
.select(V_LOGINROLE.ROLE_NAME)
|
||||
.from(V_LOGINROLE)
|
||||
.where(V_LOGINROLE.LOGIN.eq(bean.getUsername()));
|
||||
// @formatter:on
|
||||
LOGGER.debug(sql2.toString());
|
||||
for (Record1<String> privilege : sql2.fetch()) {
|
||||
bean.getPrivileges().add(privilege.get(V_LOGINROLE.ROLE_NAME));
|
||||
}
|
||||
addToSessionMap("sessionBean", bean);
|
||||
return true;
|
||||
} else {
|
||||
throw new DataAccessException("wrong password");
|
||||
@ -64,4 +80,29 @@ public class SessionGateway extends JooqGateway {
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* change the password
|
||||
*
|
||||
* @param bean
|
||||
* the bean containing the new password
|
||||
* @return true or false
|
||||
* @throws SQLException
|
||||
* @throws ClassNotFoundException
|
||||
* @throws DataAccessException
|
||||
*/
|
||||
public boolean changePassword(SessionBean bean, String newPassword)
|
||||
throws DataAccessException, ClassNotFoundException, SQLException {
|
||||
bean.setSecret(newPassword);
|
||||
String encryptedPassword = bean.getSecret();
|
||||
try (DSLContext jooq = getJooq()) {
|
||||
UpdateConditionStep<TLoginRecord> sql = jooq
|
||||
// @formatter:off
|
||||
.update(T_LOGIN)
|
||||
.set(T_LOGIN.PASSWORD, encryptedPassword)
|
||||
.where(T_LOGIN.PK.eq(bean.getLogin()));
|
||||
// @formatter:on
|
||||
LOGGER.debug("updating password, disable log here");
|
||||
return sql.execute() == 1;
|
||||
}
|
||||
}
|
||||
}
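Review bot: seekAndSetLogin() only ever adds to bean.getPrivileges(), so a second login on the same session bean keeps the roles of the earlier login, including roles since revoked in V_LOGINROLE; put `bean.getPrivileges().clear();` before the fetch loop. The method starts and ends outside the visible hunks, so this assumes nothing earlier in it resets the set. In changePassword(), `bean.setSecret(newPassword)` runs before the update, so when `execute()` does not return 1 or throws, the session bean holds a password the database never stored; compute the hash with `new StrongPasswordEncryptor().encryptPassword(newPassword)` and call `setSecret` only after the update succeeded. The Javadoc of changePassword() lacks `@param newPassword`.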
|
||||
|
@ -25,4 +25,14 @@ public class SessionModel {
|
||||
}
|
||||
}
|
||||
|
||||
public boolean doChangePassword(JooqFacesContext facesContext, String secretNew) {
|
||||
try {
|
||||
SessionBean bean = (SessionBean) facesContext.getExternalContext().getSessionMap().get("sessionBean");
|
||||
return new SessionGateway(facesContext).changePassword(bean, secretNew);
|
||||
} catch (DataAccessException | ClassNotFoundException | SQLException e) {
|
||||
FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR, "error on changing password", e.getMessage());
|
||||
facesContext.addMessage(null, msg);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
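Review bot: doChangePassword() passes whatever the session map holds straight to changePassword(), so a request without a "sessionBean" entry ends in a NullPointerException at `bean.setSecret(...)`, which the catch clause here does not cover. Guard first with `if (bean == null || !bean.getHasLogin()) { ... return false; }`, using the same FacesMessage pattern as the catch block. The catch block also shows `e.getMessage()` to the user; for DataAccessException and SQLException that text can contain SQL and schema details, so log the exception and show a fixed message instead.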
|
||||
|